%-----------------------------------------------------------------------------
\chapter{Related work (Zechner)}
%-----------------------------------------------------------------------------

\section{Virtual private networks}
%todo cite
"{\bf A virtual private network (VPN) extends a private network across a public
network, such as the Internet.} It enables a computer to send and receive data
across shared or public networks as if it is directly connected to the private
network, while benefiting from the functionality, security and management
policies of the private network. \underline{In addition}, VPN is created by
establishing a virtual point-to-point connection through the use of dedicated connections, virtual
tunneling protocols, or traffic encryptions" \cite{wikipedia-vpn}. Using VPN connections 
on client computers can assure that network traffic from the client
computer to the VPN endpoint can not be accessed, altered or interfered with.
\underline{In essence}, the objective of a Virtual Private Network is to add
a level of security to the exchange of data.



\section{Vyatta}
{\bf Vyatta provides software-based virtual router, virtual firewall and VPN
products for Internet Protocol Networks.} It is a specialized Debian-based Linux 
distribution with networking applications, like Quagga, OpenVPN, and many
others. \underline{Furthermore}, the Vyatta software is also delivered as a
virtual machine file and can provide functionality for many applications,
including VMWare, KVM or Amazon EC2 virtual and cloud computing environments.

\subsection{Types of virtual private networks}

{\bf The Vyatta system supports two different types of VPN
solutions}\cite[p.2-3]{vyatta-reference-guide}:

\subsubsection{Site-to-Site VPN}

Site-to-site VPN allows a user to connect two or more sites
separated by a wide area network. The two sites, which appear to be on a single
private network, are connected by a “tunnel” as shown in figure Figure 2.1.

\begin{figure}[htbp]
    \includegraphics [width=12cm,angle=0] {figures/site2sitevpn_vyatta.png}
    \caption{Site to Site VPN}
    \label{VaadinDebug}
\end{figure}

\subsubsection{Remote Access VPN}


\underline{Second}remote access VPN allows a VPN tunnel to be established
between a remote user and a VPN server (as shown in Figure 2.2). \underline{With
this approach}, a remote user could access the company network from home.

\begin{figure}[htb]
    \includegraphics [width=12cm,angle=0] {figures/remoteaccessvpn_vyatta.png}
    \caption{Remote Access VPN}
    \label{VaadinDebug}
\end{figure}

%todo Types of virtual private networks - sowie verschiedene Arten PPTP, IPSec
%etc. Vyatta VPN Guide Seite 6
%Verschiedene Arten grundsätzlich erklären Guide
%Protokolle nur aufzählen Guide

\section{Virtual private network servers and clients}
{\bf Virtual private network servers (VPN servers) provide the target endpoint
of a VPN, to which clients can safely connect.} The connection between
the server and its clients is secured by the server, which offers a secure
network connection via several potential protocols. \underline{In addition},
client computers connect to VPN servers utilizing specialized software to
establish the secure connection.

\subsection{Advantages of VPN}

\begin{enumerate}
  \item Fast and easy implementation
  \item Does not depend on the security provided by ISP (Internet Service
  Provider)
  \item Low costs
  \item Easy to convert and adaptable to upcoming technologies
  \item Data secured by serveral encryption methods
\end{enumerate}

\subsection{Disadvantages of VPN}

\begin{enumerate}
  \item Performance is not guaranteed
  \item Wide-ranging technical knowledge is necessary
\end{enumerate}

\section{Risks on the Internet}
{\bf For a user, there are 4 main risks on the Internet:}

\begin{enumerate}
  \item Sniffing: The TCP/IP protocols do not defend against an eavesdropping
  operation. All protocols within the TCP/IP family in Version 4 send data in
  cleartext. Therefore it is the task of the user, to encrypt sensitive data,
  before they reach the TCP/IP protocol. This process often entails high effort
  for the user. If there is no encryption, the data could be read across the
   whole connection path.
  \item Breaking and Entering: Breaking into a network is
  a high security risk if the network is connected to the internet. Network
  breaks are frequently possible because there are all too often security risk
  in the producs used. An attacker could use these exploits to gain access to a
  LAN (Local Area Network). A firewall is commonly, used to prevent a system
  from such attacks. \underline{However}, this is often insufficent to secure a
  system.
  \item Invalid identity: One big risk on the Internet is the seeming
  anonymity.
  There is no way to guarantee the authenticity of a communication partner with
  the help of TCP/IP protocols. \underline{Furthermore}, a partner could provide
  a false IP-Address (IP-Spoofing), an invalid MAC-Address (ARP-Spoofing), or
  even a wrong DNS-Name (DNS-Spoofing).
  \item Modification of data: Once an attacker is able to sniff data over a
  network, it is possible to change the data or add some new (malicious) data.
  Classic TCP/IP protocols do not offer an integrity protection for
  information transported over the network. \underline{Basically}, an
  attacker could change data (e.g. of emails, Word documents or other data),
  which could be transported via networks.
\end{enumerate}\cite[p.16f]{vpnlinux}

\section{Hosting platforms}
{\bf Hosting platforms provide different kinds of computer related execution
services, which customers can utilize for their needs.} \underline{More
specifically}, a hosting service provider allows organisations and individuals
to serve content to the Internet. The major benefit of such services is, that
customers do not need to buy or manage real physical computers.
\underline{However}, since Internet hosting platforms include the required
Internet connection providers may charge a flat rate per month or charge per 
bandwidth used. \cite{wikipedia-Hosting}.

\subsection{Platform as a Service}
The hosting platforms which are used in this thesis can be described 
as a so-called Platform as a Service (PaaS) which is distinguished by the
following features \cite{cloudpaas}:

\begin{enumerate}
  \item Delivery via the Internet. Cloud technologies are accessible from
  every point in the world where an Internet connection is available.
  \item Development language availability. A majority of high-level languages
  are supported depending on the platform and vendor.
  \item Environments of customers are isolated from each other. This means, that
  safety is achieved and data is not accessible to others. In addition, changes
  in one environment do not influence the other environments.
  \item Development lifecycle is supported. The provider offers possibilities to
  deploy, manage, test and maintain applications.
  \item Documented and well-defined service interfaces are included, which are
  required to support applications and services.
\end{enumerate}

